Kafka - Security
How would you configure a Kafka client to authenticate using SSL client certificates and also use SASL/PLAIN over SSL?
How would you configure a Kafka client to authenticate using SSL client certificates and also use SASL/PLAIN over SSL?
hard📝 Application Q9 of 15
Step-by-Step Solution
Solution:
Step 1: Understand combined SSL client cert and SASL/PLAIN
security.protocol=SASL_SSL enables SASL authentication over SSL, allowing client certs.Step 2: Check required properties
ssl.keystore.location and password configure client certificates; sasl.mechanism=PLAIN and sasl.jaas.config provide SASL credentials.Step 3: Evaluate other options
security.protocol=SSL sasl.mechanism=PLAIN ssl.keystore.location=/path/to/keystore.jks misses SASL_SSL protocol; security.protocol=SASL_PLAINTEXT sasl.mechanism=PLAIN ssl.keystore.location=/path/to/keystore.jks uses SASL_PLAINTEXT (no SSL); security.protocol=PLAINTEXT sasl.mechanism=PLAIN uses PLAINTEXT (no security).Final Answer:
security.protocol=SASL_SSL sasl.mechanism=PLAIN ssl.keystore.location=/path/to/keystore.jks ssl.keystore.password=keystorepass sasl.jaas.config=org.apache.kafka.common.security.plain.PlainLoginModule required username="user" password="pass"; -> Option CQuick Check:
SASL_SSL with keystore and PLAIN = SSL client cert + SASL auth [OK]
Quick Trick: SASL_SSL + keystore + PLAIN for client cert and SASL auth [OK]
Common Mistakes:
MISTAKES- Using SSL without SASL for PLAIN auth
- Using SASL_PLAINTEXT disables encryption
- Omitting keystore for client certs
Master "Security" in Kafka
Want More Practice?
15+ quiz questions · All difficulty levels · Free
Free Signup - Practice All QuestionsMore Kafka Quizzes